On Thu Jan 23 09:32:12 2014, [email protected] wrote: > Hello, > > My name is Jorge Torres and I'm a software engineer at EMC Corp. I > work with two EMC products which utilize OpenSSL version 0.9.8 (on > Windows x86 and x64, Solaris, HP, AIX and Linux), and I am writing > this email in regards to the advisory described in the following > link: > http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75 > > Essentially, we need OpenSSL version 1.0.2 in order to resolve a > security vulnerability. However, upgrading to OpenSSL 1.0.2 would > require a significant amount of effort from our end. Are there any > patches for OpenSSL 0.9.8 that would address this issue? > I did review a list of commit diffs listed in this link: > http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0294b2be5f4c11 > However, I cannot apply those diffs to the 0.9.8 version of the .c > files. It looks like 0.9.8 is too old. > > I appreciate any help you can provide. >
That only affects versions of OpenSSL which support TLS 1.2. Currently only the 1.0.1 releases support TLS 1.2. So OpenSSL 0.9.8 is not affected by that issue so there is no need to patch it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
